Biblio

Filters: Keyword is Anomaly
2023-08-18
KK, Sabari, Shrivastava, Saurabh, V, Sangeetha.  2022.  Anomaly-based Intrusion Detection using GAN for Industrial Control Systems. 2022 10th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO). :1–6.
In recent years, cyber-attacks on modern industrial control systems (ICS) have become more common, and they act as victims of various kinds of attackers. The percentage of attacked ICS computers in the world in 2021 is 39.6%. Identifying anomalies in a large database system is a challenging task. Deep-learning models provide better solutions for handling huge datasets with good accuracy. On the other hand, real-time datasets are highly imbalanced in their sample proportions. In this research, a GAN-based model, a supervised learning method which generates new fake samples that are similar to real samples, has been proposed. GAN-based adversarial training would address the class imbalance problem in real-time datasets. Adversarial samples are combined with legitimate samples, shuffled in proper proportion, and given as input to the classifiers. The generated data samples, along with the original ones, are classified using various machine learning classifiers and their performances have been evaluated. Gradient boosting was found to classify with 98% accuracy when compared to other
2022-06-09
Gupta, Ragini, Nahrstedt, Klara, Suri, Niranjan, Smith, Jeffrey.  2021.  SVAD: End-to-End Sensory Data Analysis for IoBT-Driven Platforms. 2021 IEEE 7th World Forum on Internet of Things (WF-IoT). :903–908.
The rapid advancement of IoT technologies has led to their flexible adoption in battlefield networks, known as Internet of Battlefield Things (IoBT) networks. One important application of IoBT networks is the weather sensory network, characterized by a variety of weather, land and environmental sensors. This data contains hidden trends and correlations needed to provide situational awareness to soldiers and commanders. To interpret the incoming data in real time, machine learning algorithms are required to automate strategic decision-making. Existing solutions are not well-equipped to provide fine-grained feedback to military personnel and cannot facilitate a scalable, end-to-end platform for fast unlabeled data collection, cleaning, querying, analysis and threat identification. In this work, we present a scalable end-to-end IoBT data-driven platform for SVAD (Storage, Visualization, Anomaly Detection) analysis of heterogeneous weather sensor data. Our SVAD platform includes extensive data cleaning techniques to efficiently denoise data and to differentiate data from anomalies and noise data instances. We perform comparative analysis of unsupervised machine learning algorithms for multi-variant data analysis and experimental evaluation of different data ingestion pipelines to show the ability of the SVAD platform for (near) real-time processing. Our results indicate impending turbulent weather conditions that can be detected by early anomaly identification and detection techniques.
2021-11-08
Afroz, Sabrina, Ariful Islam, S.M, Nawer Rafa, Samin, Islam, Maheen.  2020.  A Two Layer Machine Learning System for Intrusion Detection Based on Random Forest and Support Vector Machine. 2020 IEEE International Women in Engineering (WIE) Conference on Electrical and Computer Engineering (WIECON-ECE). :300–303.
Unauthorized access or intrusion is a massively threatening issue in the modern era. This study focuses on designing a model for an ideal intrusion detection system capable of defending a network by alerting the admins upon detecting any sort of malicious activity. The study proposes a two-layered anomaly-based detection model that uses a filter correlation method for dimensionality reduction along with Random Forest and Support Vector Machine as its classifiers. It achieved a very good detection rate against all sorts of attacks, as well as a low rate of false alarms. The contribution of this study is that it could be of major help to computer scientists designing good intrusion detection systems to keep an industry or organization safe from cyber threats, as it has achieved the desired qualities of a functional IDS model.
2021-07-08
Chaturvedi, Amit Kumar, Kumar, Punit, Sharma, Kalpana.  2020.  Proposing Innovative Intruder Detection System for Host Machines in Cloud Computing. 2020 9th International Conference System Modeling and Advancement in Research Trends (SMART). :292–296.
Virtualization plays a very significant role in cloud computing. The physical hardware in cloud computing resides with the host machine, and the virtualization software runs on it. Virtualization allows virtual machines to exist. The host machine shares its physical components, such as memory, storage, and processor, to handle the needs of the virtual machines. If an attacker effectively compromises one VM, it could break out to others on the same host on the network over long periods of time. This is an increasingly popular method for cross-virtual-machine attacks, since traffic between VMs cannot be examined by standard IDS/IPS software programs. As we know, the cloud environment is distributed in nature and hence more susceptible to various types of intrusion attacks, which include installing malicious software and generating backdoors. In a cloud environment, where organizations have hosted important and critical data, the security of underlying technologies becomes critical. To alleviate the hazard to cloud environments, Intrusion Detection Systems (IDS) are a layer of defense. In this paper, we are proposing an innovative model for an Intrusion Detection System for securing host machines in cloud infrastructure. This proposed IDS has two important features: (1) signature-based detection and (2) a prompt alert system.
2021-06-24
Dmitrievich, Asyaev Grigorii, Nikolaevich, Sokolov Aleksandr.  2020.  Automated Process Control Anomaly Detection Using Machine Learning Methods. 2020 Ural Symposium on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT). :0536–0538.
The paper discusses the features of the automated process control system and defines the algorithm for installing critical updates. The main problems in the administration of a critical system have been identified. The paper presents a model for recognizing anomalies in the network traffic of an industrial information system using machine learning methods. The article considers the network intrusion dataset (raw TCP/IP dump data was collected, where the network was subjected to multiple attacks). The main parameters that affect the recognition of abnormal behavior in the system are determined. The basic mathematical models of classification are analyzed, and their basic parameters are reviewed and tuned. The mathematical model was trained on the considered (randomly mixed) sample using cross-validation, and the response was predicted on the control (test) sample, where the model should determine whether the behavior of the system is anomalous or normal as the output. The main criteria for choosing a mathematical model for the problem to be solved were the number of correctly recognized anomalies (accuracy), and the precision and recall of the answers. Based on the study, the optimal algorithm for recognizing anomalies was selected, as well as the signs by which this anomaly can be recognized.
2021-03-04
Sejr, J. H., Zimek, A., Schneider-Kamp, P.  2020.  Explainable Detection of Zero Day Web Attacks. 2020 3rd International Conference on Data Intelligence and Security (ICDIS). :71–78.

The detection of malicious HTTP(S) requests is a pressing concern in cyber security, in particular given the proliferation of HTTP-based (micro-)service architectures. In addition to rule-based systems for known attacks, anomaly detection has been shown to be a promising approach for unknown (zero-day) attacks. This article extends existing work by integrating outlier explanations for individual requests into an end-to-end pipeline. These end-to-end explanations reflect the internal working of the pipeline. Empirically, we show that found explanations coincide with manually labelled explanations for identified outliers, allowing security professionals to quickly identify and understand malicious requests.

2021-03-01
Raj, C., Khular, L., Raj, G.  2020.  Clustering Based Incident Handling For Anomaly Detection in Cloud Infrastructures. 2020 10th International Conference on Cloud Computing, Data Science Engineering (Confluence). :611–616.
Incident Handling for Cloud Infrastructures focuses on how clustering-based and non-clustering-based algorithms can be implemented. Our research focuses on identifying anomalies and suspicious activities that might happen inside a Cloud Infrastructure over available datasets. A brief study has been conducted, where a network statistics dataset, the NSL-KDD, has been chosen as the model to be worked upon, such that it can mirror the Cloud Infrastructure and its components. An important aspect of cloud security is to implement anomaly detection mechanisms in order to monitor the incidents that inhibit the development and the efficiency of the cloud. Several methods have been discovered which help in achieving our present goal; some of these are highlighted as follows: applying an algorithm such as the Local Outlier Factor to cancel the noise created by irrelevant data points; applying the DBSCAN algorithm, which can detect less dense areas in order to identify their cause of clustering; applying the K-Means algorithm to generate positive and negative clusters to identify the anomalous clusters; and applying the Isolation Forest algorithm in order to implement a decision-based approach to detect anomalies. The best algorithm would help in finding and fixing the anomalies efficiently and would help us in developing an Incident Handling model for the Cloud.
2020-04-10
Srinu, Sesham, Reddy, M. Kranthi Kumar, Temaneh-Nyah, Clement.  2019.  Physical layer security against cooperative anomaly attack using bivariate data in distributed CRNs. 2019 11th International Conference on Communication Systems Networks (COMSNETS). :410–413.
Wireless communication network (WCN) performance primarily depends on physical layer security, which is critical among all other layers of the OSI network model. It is typically prone to anomaly/malicious user attacks owing to the openness of wireless channels. Cognitive radio networking (CRN) is a recently emerged wireless technology that has numerous security challenges because of its unlicensed access to wireless channels. In CRNs, the security issues occur mainly during spectrum sensing and are more pronounced during distributed spectrum sensing. In the recent past, various anomaly effects have been modelled and detectors developed by applying advanced statistical techniques. Nevertheless, many of these detectors have been developed based on sensing data of one variable (energy measurement), and their performance degrades drastically when the data is contaminated with multiple anomaly nodes that attack the network cooperatively. Hence, one has to develop an efficient multiple anomaly detection algorithm to eliminate all possible cooperative attacks. To achieve this, in this work, the impact of anomaly on detection probability is verified beforehand in developing an efficient algorithm using bivariate data to detect possible attacks with the Mahalanobis distance measure. The result discloses that the detection error of cooperative attacks by anomaly has a significant impact on eigenvalue-based sensing.
2020-03-16
Iuhasz, Gabriel, Petcu, Dana.  2019.  Perspectives on Anomaly and Event Detection in Exascale Systems. 2019 IEEE 5th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS). :225–229.
The design and implementation of exascale systems is nowadays an important challenge. Such a system is expected to combine HPC with Big Data methods and technologies to allow the execution of scientific workloads which are not tractable at the present time. In this paper we focus on an event and anomaly detection framework which is crucial in giving a global overview of an exascale system (which in turn is necessary for the successful implementation and exploitation of the system). We propose an architecture for such a framework and show how it can be used to handle failures during job execution.
2019-02-08
Alzahrani, S., Hong, L.  2018.  Detection of Distributed Denial of Service (DDoS) Attacks Using Artificial Intelligence on Cloud. 2018 IEEE World Congress on Services (SERVICES). :35–36.

This research proposes a system for detecting known and unknown Distributed Denial of Service (DDoS) attacks. The proposed system applies two different intrusion detection approaches: anomaly-based distributed artificial neural networks (ANNs) and a signature-based approach. The Amazon public cloud was used for running Spark as the fast cluster engine with varying cores of machines. The experimental results achieved the highest detection accuracy and detection rate compared to the signature-based or neural-network-based approach.

2017-03-08
Kaur, R., Singh, S.  2015.  Detecting anomalies in Online Social Networks using graph metrics. 2015 Annual IEEE India Conference (INDICON). :1–6.

Online Social Networks have emerged as an interesting area for analysis, where each user, having a personalized user profile, interacts and shares information with others. Apart from analyzing the structural characteristics, detection of abnormal and anomalous activities in social networks has become the need of the hour. These anomalous activities represent the rare and mischievous activities that take place in the network. The graphical structure of social networks has encouraged researchers to use various graph metrics to detect the anomalous activities. One such measure that seemed to be highly beneficial for detecting the anomalies was brokerage value, which helped to detect the anomalies with high accuracy. Also, further application of the measure to different datasets verified the fact that the anomalous behavior detected by the proposed measure was efficient as compared to the already proposed measures in the Oddball Algorithm.